2022 Gartner® Magic Quadrant™ SIEM
Get the reportMore
Often times when I am presenting at conferences around the country, people will ask me “Is SIEM Dead”? Such a great question! Has the technology reached its end of life? Has SIEM really crashed and burned? I think the answer to that question is NO. SIEM is not dead, it has just evolved.
SIEMs unfortunately have struggled to keep pace with the security needs of modern enterprises, especially as the volume, variety and velocity of data has grown. As well, SIEMs have struggled to keep pace with the sophistication of modern day threats. Malware 15 years ago was static and predictable. But today’s threats are stealthy and polymorphic. Furthermore, the reality is that few enterprises have the resources to dedicate to the upkeep of SIEM and the use of SIEM technology to address threat management has become less effective and waned. Gartner Analyst Oliver Rochford famously wrote, “Implementing SIEMs continues to be fraught with difficulties, with failed and stalled deployments common.”(1)
In Greek mythology, a phoenix (Greek: φοῖνιξ phoinix; Latin: phoenix, phœnix, fenix) is a long-lived bird that is cyclically regenerated or reborn. Associated with the sun, a phoenix obtains new life by arising from the ashes of its predecessor.
The SIEM ashes are omnipresent and security analytics is emerging as the primary system for detection and response.
Although we use the term SIEM to describe this market, SIEM is really made up of two distinct areas:
Folks generally do not distinguish between these two areas anymore and just use “SIEM” to describe the market category. However, it’s important to take note of what you are trying to accomplish and which problems you are trying to solve with these solutions.
One could easily dismiss these solutions outright, but the security market is huge – $21.4B in 2014 according to our friends at Gartner. And the SIEM piece alone reached $1.6B last year.
According to 451 Research the security market has around 1,500-1,800 vendors broken down into a number of main categories across IAM, EPP, SIEM, SMG, SWG, DLP, Encryption, Cloud Security, etc. And within each of these main categories, there are numerous sub categories.
And despite the billions of dollars invested, current security and SIEM solutions are struggling to keep the bad guys out. Whether cyber criminals, corporate spies, or others, these bad actors are getting through.
The Executive Chairman and former CEO of Cisco Systems famously said, “There are two types of companies, those who have been hacked and those who have no clue.” Consider for a moment that the median # days before a breach is detected exceeds 6 ½ months and that the % of victims notified by external 3rd parties is almost 70% (3). People indeed have no clue! Something different is clearly needed.
This is the first in a series of blogs on SIEM and Security Analytics. Stay tuned next week for our second blog titled “SIEM and Security Analytics: Head to Head.”
Find out how Sumo Logic helps deliver advanced security analytics without the pain of SIEM
Sign up for a free trial of Sumo Logic. It’s quick and easy. Within just a few clicks you can configure streaming data, and start gaining security insights into your data in seconds.
(1) Gartner: Overcoming Common Causes for SIEM Deployment Failures by Oliver Rochford 21Aug2014
(2) Forrester: Evolution of SIEM graph, taken from Security Analytics is the Cornerstone of Modern Detection and Response, December 2015
(3) Mandiant mTrends Reports
Reduce downtime and move from reactive to proactive monitoring.
Build, run, and secure modern applications and cloud infrastructures.Start free trial